Welcome Guest, Not a member yet? Register   Sign In
Storing previous URL as session data
#11

[eluser]crikey[/eluser]
I think the point, Jondolar, (is your username from the Jean M. Auel books?) really is that the (legitimate) user should only delete if: 1) they're logged in, 2) they have permission to delete the item *and* 3) they're knowingly deleting the item using the application/website.

CSRF attacks can occur if 1 and 2 are true but not necessarily 3.

From what I've been reading, using tokens in forms that uniquely relate to the user's session, and checking the existence/matching of the tokens, is a way to help secure a site against CSRF.

Edited for grammar.


Messages In This Thread
Storing previous URL as session data - by El Forum - 04-13-2010, 01:36 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 01:50 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:33 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:39 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 03:51 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 05:30 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:18 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:35 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 03:17 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 08:50 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 11:12 PM
Storing previous URL as session data - by El Forum - 04-14-2010, 03:19 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 08:31 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 08:59 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 09:12 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 09:38 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 09:53 AM



Theme © iAndrew 2016 - Forum software by © MyBB